So far in 2018, ransomware like WannaCry have continued to spread, and Emotet has emerged as a leading, modular banking Trojan. Cloud cryptojacking is also on the rise.

Security experts are particularly concerned about the evolution of context-aware threats like the Rakhni Trojan, as well as the growth of ransomware-as-a-service. A context-aware threat installs malware best suited for the systems that it is infecting. For example, in computers that have cryptocurrency wallets already installed, Rakhni will deploy ransomware that encrypts the device and requires victims to pay a cryptocurrency ransom for decryption. Ransomware-as-a-service is where hackers offer ransomware platforms that inexperienced cyber criminals can use to hold data hostage

The MS-ISAC Top 10 Malware refers to the top 10 new actionable event notifications of non-generic malware signatures sent out by the MS-ISAC Security Operations Center (SOC).

Dropped – Malware delivered by other malware already on the system, an exploit kit, infected third-party software, or manually by a cyber threat actor.

Multiple – Refers to malware that currently favours at least two vectors.

Malspam – Unsolicited emails, which either direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

Network – Malware introduced through the abuse of legitimate network protocols or tools such as SMB or remote PowerShell.

Center for Internet Security, Inc. (CIS®) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organisations against cyber threats.